OTPulse

Moxa Security Enhancement: Intel® Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)

Low Risk · MPSA-256822 · Mar 9, 2026
Summary

Intel Converged Security Management Engine (CSME) with Active Management Technology (AMT) on Moxa devices is affected by multiple memory safety vulnerabilities: (1) CVE-2020-8752—out-of-bounds write in IPv6 subsystem allowing unauthenticated privilege escalation; (2) CVE-2020-8747—out-of-bounds read allowing information disclosure or denial of service; (3) CVE-2020-8749—out-of-bounds read allowing privilege escalation via adjacent network access. All three require no authentication and can be triggered over the network. Affected Intel ISM/AMT versions: all versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45.

What this means
What could happen
An attacker with network access could exploit memory vulnerabilities in Intel AMT to gain elevated privileges on the device, potentially allowing them to intercept, modify, or disrupt management communications and device operations, or extract sensitive information like credentials from device memory.
Who's at risk
This affects Moxa networked devices and any computers with Intel CSME and Active Management Technology (AMT) enabled in their firmware. In water utilities and electric utilities, this may include SCADA servers, engineering workstations, remote I/O units, and any networked industrial computing platforms that have Intel management firmware. Facilities relying on out-of-band (management network) access to devices for remote administration are directly at risk.
How it could be exploited
An attacker sends a specially crafted network packet to the Intel AMT service (typically port 16992 or 16993) targeting the IPv6 subsystem or other AMT subsystems. Because authentication is not required for these vulnerabilities, the attacker can trigger out-of-bounds read or write conditions that corrupt memory, leak sensitive data, or elevate their privilege level to administrative access on the managed device.
Prerequisites
  • Network access to Intel AMT service port (typically 16992/TCP for HTTP or 16993/TCP for HTTPS)
  • Moxa device or compute platform with Intel CSME and AMT enabled
  • No authentication credentials required
Remotely exploitable · No authentication required · Low complexity attack · Default or expected feature enabled on many Intel platforms · Affects management layer with potential for lateral movement into operational systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
Security Enhancement: Intel® Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vul | All versions | No fix yet
Remediation & Mitigation
Do now
HARDENING: Identify all Moxa devices and networked assets that include Intel CSME with AMT enabled and determine their current firmware/CSME version
WORKAROUND: Disable Intel AMT if it is not required for your operational or management processes; this eliminates the attack surface entirely
WORKAROUND: Restrict network access to Intel AMT ports (16992/TCP, 16993/TCP) using firewall rules; limit access to authorized management workstations and networks only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply vendor firmware updates that include patched Intel CSME versions (11.8.80, 11.12.80, 11.22.80, 12.0.70, or 14.0.45 and later) when updates become available from your device vendor
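
The inventory step and the patched-version list above can be combined into a small triage script. This is an added example, not part of the Moxa or Intel advisory: the hostnames and build numbers are constructed, and matching a version to its patched release by major.minor branch is an assumption, so versions on a branch the advisory does not name are flagged for manual review.

```python
import re

# Patched CSME/AMT versions listed in this advisory, keyed by (major, minor).
# Assumption: a device is compared against the patched release of its own branch.
FIXED = {
    (11, 8): (11, 8, 80),
    (11, 12): (11, 12, 80),
    (11, 22): (11, 22, 80),
    (12, 0): (12, 0, 70),
    (14, 0): (14, 0, 45),
}

# Accepts "11.8.79" or "11.8.79.3722"; the trailing build number is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*$")


def classify(version):
    """Return 'vulnerable', 'fixed' or 'review' for one CSME version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "review"  # missing or unparseable: check the device by hand
    major, minor, hotfix = (int(m.group(i)) for i in (1, 2, 3))
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "review"  # branch not named in the advisory
    return "vulnerable" if (major, minor, hotfix) < fixed else "fixed"


def triage(inventory):
    """Group (host, version, amt_enabled) rows by the action they need."""
    report = {"vulnerable": [], "fixed": [], "review": [], "amt_disabled": []}
    for host, version, amt_enabled in inventory:
        if amt_enabled is False:  # unknown (None) is treated as enabled
            report["amt_disabled"].append(host)
        else:
            report[classify(version)].append(host)
    return report


# Constructed sample inventory; none of these values come from the advisory.
SAMPLE = [
    ("scada-srv-01", "11.8.79.3722", True),
    ("eng-ws-02", "11.8.80.3746", True),
    ("hmi-03", "12.0.64.1551", True),
    ("ipc-05", "13.0.32.1000", True),
    ("ipc-06", "11.22.70.1000", False),
    ("ipc-07", "unknown", None),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```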
Long-term hardening
HARDENING: Monitor for and block unsolicited connections to AMT ports from untrusted network segments; implement network segmentation to isolate AMT traffic